2023 US Data Privacy & GDPR, A new Era In Compliance

After years of pushing back deadlines and negotiating data sharing agreements, US Data Privacy laws and GDPR are about to take center stage in 2023.

Overview: Privacy Law Activity in 2022-2023

After being on the horizon for years, enforcement of digital data privacy law has finally become a reality, with significant consequences.  This article steps through current US privacy law trends and the velocity of data privacy lawsuits we can expect as US states continue to adopt GDPR standards.

Current State of US data Privacy Law

The current state of US data privacy law is a patchwork of various federal and state laws, with no comprehensive federal data privacy legislation. The main federal law that governs data privacy is the Gramm-Leach-Bliley Act, which applies to financial institutions. Other federal laws such as HIPAA and COPPA apply to specific industries and types of data. Some states have implemented their own data privacy laws, such as the California Consumer Privacy Act (CCPA) and the recently enacted Virginia Consumer Data Protection Act (VCDPA).

US States Are adopting Privacy Laws

The year 2023 will go down in history as marking the beginning of a profound shift in the philosophy underlying data privacy laws in the United States.

Recently there has been an uptick in the number of US states that are adopting data privacy standards.  Many of these new privacy standards are very similar, if not entirely modeled after, the GDPR standards that have already been adopted in the EU. They do however vary widely from state to state, creating a constantly shifting landscape of regulations and data privacy compliance standards.

Following California’s CCPA and CPRA lead, four other states — Colorado, Connecticut, Utah, and Virginia — will begin enforcing new GDPR-inspired statutes in 2023. More states are sure to follow. The implications of this fundamental shift in the underlying philosophical framework regarding data privacy protection will be profound in the years and decades to come. 2023 will mark the shift.

Data Privacy Law Suits

The time has finally come, after years of pushing back deadlines and negotiating global data sharing agreements, US Data Privacy laws and GDPR are about to take center stage in 2023.

Failure to adapt quickly to the constantly changing data privacy landscape can lead to large financial implications.  Some of the most expensive data privacy related lawsuits to date include:

It is reasonable to expect the velocity of data privacy lawsuits in the US to mirror those of the EU as GDPR came into effect

It is reasonable to expect the velocity of data privacy lawsuits in the US to mirror those of the EU as GDPR came into effect.

BELOW: The blue line below shows the velocity of fines awarded from GDPR lawsuits has a fairly constant velocity, which means it isn’t slowing down. It would be reasonable to expect a similar uptick in the US as states adopt similar laws. The green line below shows the total value of fines assigned for GDPR violations, over €2.75 billion to date.

On The Horizon

On the horizon, there is a growing push for federal data privacy legislation that would provide a uniform framework for data privacy across the country. Several proposed bills are currently under consideration in Congress, including the Consumer Data Privacy and Security Act and the Data Protection Act of 2021. These bills aim to establish a comprehensive data privacy framework that would provide individuals with greater control over their personal information and hold companies accountable for their data practices. Additionally, there is increasing focus on regulating the collection and use of data by large technology companies, with some calling for antitrust measures to address concerns about their market power and potential harm to consumers.


In addition to GDPR, new US Privacy Laws and FTC rules necessitate monitoring on a state-by-state basis.  A “once-and-done” plan for data governance is not a viable business strategy. Regular reviews, policy updates, and platform monitoring are required to keep abreast of new regulations and get ahead of potential issues before they occur.

2023 is the year to get ahead of the coming liability-curve with a robust data security and privacy posture.

About Global DataOps

Rapidly changing US and GDPR Privacy Laws require regular data security and privacy posture assessment and related policy, operations & technology updates.

Global DataOps seamlessly integrates technology, operational, and legal compliance solutions to mitigate risk, and stay ahead of approaching security and privacy requirements before they can become issues.

News & Insights

Send Us A Message